Follow by Email

Saturday, April 11, 2015

Security Audit Of TrueCrypt

The security audit of the TrueCrypt code has been completed (see here for the first phase of the audit), and the results aregood. Some issues were found, but nothing major.
From Matthew Green, who is leading the project:

The TL;DR is that based on this audit, Truecrypt appears
to be a relatively well-designed piece of crypto software. The NCC audit
found no evidence of deliberate backdoors, or any severe design flaws
that will make the software insecure in most instances.
That doesn't mean Truecrypt is perfect. The auditors did
find a few glitches and some incautious programming -- leading to a
couple of issues that could, in the right circumstances, cause Truecrypt
to give less assurance than we'd like it to.